meta-ads-manager

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Connects to the official Meta Ads AI Connectors endpoint at mcp.facebook.com. This is a well-known and trusted technology service.
  • [COMMAND_EXECUTION]: Interfaces with the Meta Ads CLI and MCP server to manage ad campaigns. The skill implements strict safety protocols requiring manual user confirmation for budget changes and status toggles, and defaults all new campaigns to a 'PAUSED' state.
  • [CREDENTIALS_UNSAFE]: Demonstrates safe secret management by explicitly prohibiting hardcoded tokens and recommending OAuth 2.0 flows or environment variable injection via ${META_ACCESS_TOKEN}.
  • [PROMPT_INJECTION]: The skill processes untrusted user-supplied data which represents an indirect prompt injection surface.
  • Ingestion points: Ad creative text, media assets, and targeting parameters ingested during the ad creation workflow (SKILL.md).
  • Boundary markers: Uses structured data proposals and mandatory manual approval steps before executing API writes.
  • Capability inventory: Interacts with the Meta Ads API via an MCP server to create, modify, or delete ad resources.
  • Sanitization: Relies on human-in-the-loop verification and the default 'PAUSED' state for newly created assets.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 06:27 AM
Security Audit — agent-trust-hub — meta-ads-manager